CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-41390
https://notcve.org/view.php?id=CVE-2021-41390
In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection. En Ericsson ECM versiones anteriores a 18.0, se observó que el Endpoint del Proveedor de Seguridad en la Sección de Administración de Perfiles de Usuario es vulnerable a una inyección de CSV • https://the-it-wonders.blogspot.com/2021/09/ericsson-ecm-enterprise-content_17.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2020-29144
https://notcve.org/view.php?id=CVE-2020-29144
In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins' browsers by using the beef framework. En Ericsson BSCS iX R18 Billing & Rating iX R18, MX, es un módulo de base web en BSCS iX, que es vulnerable a un ataque de tipo XSS almacenado por medio de un comentario Alert Dashboard. En la mayoría de los casos de prueba, el secuestro de sesiones también fue posible usando la vulnerabilidad de tipo XSS. • http://the-it-wonders.blogspot.com/2020/01/ericsson-bscs-ix-r18-billing-rating.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2020-29145
https://notcve.org/view.php?id=CVE-2020-29145
In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web base module in BSCS iX that is vulnerable to stored XSS via the name or description field to a solutionUnitServlet?SuName=UserReferenceDataSU Access Rights Group. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins' browsers by using the beef framework. En Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX es un módulo de base web en BSCS iX que es vulnerable a un ataque de tipo XSS almacenado por medio del campo name o description en un Access Rights Group de solutionUnitServlet? • http://the-it-wonders.blogspot.com/2020/01/ericsson-bscs-ix-r18-billing-rating.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2019-7417 – Ericsson Active Library Explorer (ALEX) 14.3 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-7417
XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple parameters in the "/cgi-bin/alexserv" servlet, as demonstrated by the DB, FN, fn, or id parameter. Existe Cross-Site Scripting (XSS) en Ericsson Active Library Explorer (ALEX) 14.3 en múltiples parámetros en el servlet "/cgi-bin/alexserv", tal y como queda demostrado con los parámetros DB, FN, fn o id. Ericsson Active Library Explorer (ALEX) version 14.3 suffers from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/151583/Ericsson-Active-Library-Explorer-ALEX-14.3-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2019/Feb/27 http://www.ericsson.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 29%CPEs: 3EXPL: 3CVE-2015-2166 – Ericsson Drutt MSDP (Instance Monitor) - Directory Traversal
https://notcve.org/view.php?id=CVE-2015-2166
Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI. Vulnerabilidad de salto de directorio en Instance Monitor en Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, y 6 permite a atacantes remotos leer ficheros arbitrarios a través de un ..%2f (punto punto barra oblicua codificada) en la URI por defecto. Ericsson Drutt MSDP (Instance Monitor) versions 4, 5, and 6 suffer from directory traversal and arbitrary file access vulnerabilities. • https://www.exploit-db.com/exploits/36619 https://github.com/K3ysTr0K3R/CVE-2015-2166-EXPLOIT http://packetstormsecurity.com/files/131233/Ericsson-Drutt-MSDP-Instance-Monitor-Directory-Traversal-File-Access.html http://www.securityfocus.com/bid/73901 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •